author | Côme Chilliet <come.chilliet@nextcloud.com> | 2022-07-12 12:09:05 +0200 |
---|---|---|
committer | Côme Chilliet <come.chilliet@nextcloud.com> | 2022-07-12 12:09:05 +0200 |
commit | c5ffd7ce32a74c06dddd55652edea5c896ee9b3d (patch) | |
tree | 514c6612e3e5177b32cac784f672cc52a03bbec2 /lib/private/Http/Client/LocalAddressChecker.php | |
parent | 707b46bb01e67b764274fc00275e2076aeea5327 (diff) | |
Use Symfony IpUtils to check for local IP ranges
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'lib/private/Http/Client/LocalAddressChecker.php')
-rw-r--r-- | lib/private/Http/Client/LocalAddressChecker.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/private/Http/Client/LocalAddressChecker.php b/lib/private/Http/Client/LocalAddressChecker.php
index b0c420a4fe8..f4fea503ab9 100644
--- a/lib/private/Http/Client/LocalAddressChecker.php
+++ b/lib/private/Http/Client/LocalAddressChecker.php
@@ -27,6 +27,7 @@ namespace OC\Http\Client;
 use OCP\Http\Client\LocalServerException;
 use Psr\Log\LoggerInterface;
+use Symfony\Component\HttpFoundation\IpUtils;
 class LocalAddressChecker {
 private LoggerInterface $logger;
@@ -36,12 +37,15 @@ class LocalAddressChecker {
 }
 public function ThrowIfLocalIp(string $ip) : void {
- $localIps = ['100.100.100.200'];
+ $localRanges = [
+ '100.64.0.0/10', // See RFC 6598
+ '192.0.0.0/24', // See RFC 6890
+ ];
 if (
 (bool)filter_var($ip, FILTER_VALIDATE_IP) &&
 (
 !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
- in_array($ip, $localIps, true)
+ IpUtils::checkIp($ip, $localRanges)
 )) {
 $this->logger->warning("Host $ip was not connected to because it violates local access rules");
 throw new LocalServerException('Host violates local access rules');
@@ -54,7 +58,7 @@ class LocalAddressChecker {
 if (
 !filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) ||
- in_array($ipv4Address, $localIps, true)) {
+ IpUtils::checkIp($ip, $localRanges)) {
 $this->logger->warning("Host $ip was not connected to because it violates local access rules");
 throw new LocalServerException('Host violates local access rules');
 } |
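Review bot: The `$localRanges` array added at the top of `ThrowIfLocalIp` is documented only by RFC numbers, so it is not clear why these two ranges are listed next to the `filter_var` flags, or that the removed `100.100.100.200` entry is still covered. I would add a comment above the array, for example `// Ranges that FILTER_FLAG_NO_PRIV_RANGE / FILTER_FLAG_NO_RES_RANGE do not reject; 100.64.0.0/10 includes the former 100.100.100.200 entry`. Since the list never changes per call, it could also live in a `private const LOCAL_RANGES` on the class. The method body continues past this hunk.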
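Review bot: In the last hunk the replacement line passes `$ip` to `IpUtils::checkIp()` where the removed line tested `$ipv4Address`, so the embedded IPv4 part is no longer compared against `$localRanges`. Judging from the second hunk, `$ip` has already been checked against the same ranges in the first condition, so this operand appears to add nothing. A nested address whose IPv4 part falls in one of the listed ranges would presumably pass this guard. The line should read `IpUtils::checkIp($ipv4Address, $localRanges)) {`. The enclosing block starts above the hunk, so the IPv6-nesting context is inferred from the variable name; a unit test covering a nested address in each range would pin the behaviour.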